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We Claim: 

1. A method of monitoring traffic flows in a domain of a communications 
network, the domain being logically arranged as a virtual router network having 
virtual interfaces at edge nodes of the domain, comprising the steps of: 

a) determining, at a virtual interface and in dependence upon a rule set, whether a 
packet belongs to a flow to be monitored; 

b) accounting, responsive to the packet belonging to a flow to be monitored, the 
packet in a flow record corresponding to that flow; and 

c) aggregating the flow records for transmission to a collector. 

2. The method as defined in claim 1, wherein the method is performed at a 
plurality of the virtual interfaces. 

3. The method as defined in claim 2, further comprising an initial step of 
selecting one of the virtual interface as a master virtual interface. 

4. The method as defined in claim 3 wherein the step of selecting the master 
virtual interface is done by polling each of the virtual interfaces to determine which 
one best satisfies a selection criteria. 

5. The method as defined in claim 4 wherein the selection criteria includes 
CPU usage, traffic handling capability and memory capacity. 

6. The method as defined in claim 3, further comprising following the selecting 
step, initiating, by the master virtual interface, distribution of the rule set to the 
other virtual interfaces. 
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7. The method as defined in claim 3 comprising following the selection step, 
by the master virtual interfaces, collecting aggregated flow records from the other 
virtual interfaces. 

8. The method as defined in claim 7, further comprising the step of sending, by 
the master virtual interface, the aggregated flow records to the collector. 

9. The method as defined in claim 7 wherein the flow records are aggregated 
using a serial collection of flow table data. 

10. The method as defined in claim 7 wherein the flow records are aggregated 
using a parallel collection of flow table data. 

11. The method as defined in claim 7 wherein the aggregated flow records are 
provided to the collector using either a push or a pull collector operation. 

12. The method as defined in claim 6 wherein a service manager initiates the 
triggering selection process by sending a new or updated rule set to the master. 

13. The method as defined in claim 12 wherein the service manager receives 
aggregated flow records from the collector. 

14. A system for monitoring traffic flows in a domain of a communications 
network, the domain being logically arranged as a virtual router network having 
virtual interfaces at edge nodes of the domain, the system comprising: 

means at a virtual interface for determining in dependence upon a rule set, 
whether a packet belongs to a flow to be monitored; 
means for accounting, responsive to the packet belonging to a flow to be 
monitored, the packet in a flow record corresponding to that flow; and 
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means for aggregating the flow records for transmission to a collector. 

15. The system as defined in claim 14 having multiple virtual interfaces wherein 
one of said virtual interfaces is selected as a master virtual interface. 

16. The system as defined in claim 15 wherein the master virtual interface has 
means to distribute rule sets to other virtual interfaces. 

17. The system as defined in claim 16 wherein the master virtual interface has 
means to collect aggregated flow records from the other virtual interfaces and to 
report the aggregated flow records to a collector. 

18. The system as defined in claim 17 having a service manager to initiate a 
selection of the master virtual interface and to collect aggregated flow records from 
the collector. 

19. A method of measuring per-flow traffic delay between two routers having 
synchronized clocks, comprising the steps of: 

a) calculating, at each of the routers, a key uniquely and invariantly identifing a 
corresponding packet in the flow; 

b) selecting, at each of the routers using the key, a packet to be monitored; 

c) recording, at each of the routers, a timestamp upon selection of each packet; and 

d) subtracting the timestamps to determine the delay for the packet. 

20. The method as defined in claim 19 wherein multiple packets are monitored 
and an average delay for the multiple packets is calculated. 

21. The method as defined in claim 20 wherein if a key can not be calculated 
within a given time interval indicating lost packets the calculating step is stopped. 
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22. A system for measuring per-flow traffic delay between two routers having 
synchronized clocks, comprising: 

means for calculating, at each of the routers, a key for every packet in the flow, 
wherein the key uniquely and invariantly identifies a corresponding packet in the 
flow; 

means for selecting, at each of the routers using the key, a packet to be monitored; 
means for recording, at each of the routers, a timestamp upon selection of each 
packet; and 

means for subtracting the timestamps to determine the delay for the packet. 

23. The system as defined in claim 22 wherein the routers are edge routers in a 
virtual router network. 

24. The system as defined in claim 23 wherein one of said edge routers is 
selected as a master edge router and packet filtering information is aggregated and 
correlated at said master edge router. 

25. The system as defined in claim 23 wherein one of said edge routers is 
selected as a master edge router and the aggregation and correlation processes of 
packet filtering information are distributed among the edge routers, the results 
being sent and compiled at said master edge router. 

26. The system as defined in claim 24 having a service manager to receive said 
packet filtering information. 



